Acme /LetsEncrypt running each time Docker builds

Brandonza · December 8, 2020, 4:07pm

Hi

I am trying to find a way to avoid the Web container requesting a new certificate from Letsencrypt every time it builds. This is done by this(https://github.com/jitsi/docker-jitsi-meet/blob/master/web/rootfs/etc/cont-init.d/10-config) calling and using this(https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh).

The only solution I can seem to come up with is to edit this file, https://github.com/jitsi/docker-jitsi-meet/blob/master/web/rootfs/etc/cont-init.d/10-config. Telling it to only request a new certificate if the time created on the already existing certificates(~/.jitsi-meet-cfg/web/acme.sh/) are older than 60days.

Does anyone have a better way(my method does not feel to be the right way)?

Brandonza · December 15, 2020, 12:36pm

For anyone else battling, I am running Nginx outside of the container(on the host) - until I find a solution.

Brandonza · December 16, 2020, 7:10am

For anyone else struggling here, there are two ways to solve the issue.

1. Use staging flag(but you will need to edit browser settings to allow the cert which is not ideal)
To do this you need to add a variable to the .env file “LETSENCRYPT_USE_STAGING=1”, which will tell Letsencrypt that you are not in production and the rate-limits are a lot more generous.
Here is the documentation on it: https://letsencrypt.org/docs/staging-environment/

2. Edit the “web/rootfs/etc/cont-init.d/10-config” file
Put the issuing/renewing of the certs in an if statement based on the value you set to a variable in your .env(remember to update the docker-compose.yml to inclue the new variable).